HT Logs. Tips, FAQs, Analyze.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: WIa5bc
Filename: WIa5bc.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Windows PC Defender

Command: C:\Documents and Settings\All Users\Application Data\a5bc4e8\WIa5bc.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Windows PC Defender] “C:\Documents and Settings\All Users\Application Data\a5bc4e8\WIa5bc.exe” /s /d

Description: WIa5bc.exe is a component of Windows PC Defender rogue antispyware program.

How to remove: use these Windows PC Defender removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: _ex-08
Filename: _ex-08.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | PromoReg

Command: C:\WINDOWS\Temp\_ex-08.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-08.exe

Description: Trojan.Agent

How to remove: use MalwareBytes Anti-malware.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SoftSafeness
Filename: SoftSafeness.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SoftSafeness

Command: C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SoftSafeness] C:\Program Files\SoftSafeness Software\SoftSafeness\SoftSafeness.exe -min

Description: main component of SoftSafeness rogue antispyware program.

How to remove: use these SoftSafeness removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SafetyKeeper
Filename: SafetyKeeper.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SafetyKeeper

Command: :\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeper.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SafetyKeeper] C:\Program Files\SafetyKeeper Software\SafetyKeeper\SafetyKeeper.exe -min

Description: SafetyKeeper.exe is main component of SafetyKeeper rogue antispyware program.

How to remove: use these SafetyKeeper removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: SaveKeeper
Filename: SaveKeeper.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | SaveKeeper

Command: C:\Program Files\SaveKeeper Software\SaveKeeper\SaveKeeper.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [SaveKeeper] C:\Program Files\SaveKeeper Software\SaveKeeper\SaveKeeper.exe -min

Description: main component of SaveKeeper (rogue antispyware program)

How to remove: use these SaveKeeper removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: q1pdsdjx
Filename: q1pdsdjx.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | q1pdsdjx.exe

Command: C:\WINDOWS\system32\q1pdsdjx.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [q1pdsdjx.exe] C:\WINDOWS\system32\q1pdsdjx.exe

Description: component of SaveKeeper that shows fake Windows Security Center.
Notes:

How to remove: use these SaveKeeper removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: personalguard
Filename: personalguard.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | personalguard

Command: C:\Program Files\Personal Guard 2009\personalguard.exe
Startup Type:HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [personalguard] C:\Program Files\Personal Guard 2009\personalguard.exe

Description: added by Personal Guard 2009 rogue antispyware program.

How to remove: use these Personal Guard 2009 removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: avdrive32
Filename: avdrive32.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup

Command: C:\WINDOWS\avdrive32.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\avdrive32.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
“Microsoft Driver Setup”=C:\WINDOWS\avdrive32.exe [2009-09-04 81408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Driver Setup]
C:\WINDOWS\avdrive32.exe [2009-09-04 81408]
2009-09-03 21:19:12 —-RSH—- C:\WINDOWS\avdrive32.exe

Description: Win32.IRCBot worm also known as Backdoor.Win32.IRCBot.gen, Worm:Win32/Pushbot

How to remove: use Kaspersky virus removal tool.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: sys32_nov
Filename: sys32_nov.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | sys32_nov
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | sys32_nov

Command: C:\WINDOWS\system32\sys32_nov.exe
Startup Type:HKLM->Run, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 – HKCU\..\Run: [sys32_nov] C:\Documents and Settings\Admin\sys32_nov.exe

Description: trojan that installed with braviax trojan and rogue antispyware software

How to remove: use these braviax trojan removal instructions.

This is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum.

Name: PAVRM
Filename: PAVRM.exe
Registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Advanced Virus Remover

Command: C:\Program Files\AdvancedVirusRemover\PAVRM.exe
Startup Type: HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKCU\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe

Description: component of Advanced Virus Remover (fake antivirus program)

How to remove: use these Advanced Virus Remover removal instructions in order to remove the PAVRM.exe file and any associated malware from your computer for free.